Advances in searching through massive piles of storage data could speed up deployment of a decade-old surveillance technology to catch bad guys dedicated to breaching corporate networks.

Heightened use of network forensic technology can provide network admins with the equivalent of a video camera placed within corporate computer networks. This technology allows admins to rewind through weeks of network activity to catch hackers in the act of breaking in.

Breaches do not occur in isolation. This type of TiVo effect would allow network security cops to trace the hacker’s footsteps through the network to see where those committing the breach went and what they left behind.

More than 85 percent of corporate security officers expect a major network security event in the next three years or have had one in the past three years, according to a 2009 Trusted Strategies Network Forensics Market Survey. Typically, it takes organizations rebounding from breach attacks two to 10 to discover the full scope of the incident — sometimes even longer.

“It is a matter of when and not if a company will suffer a network breach. A secure company is one that manages a breach well by catching it early and minimizing damages,” Andreas Antonopoulos, senior vice president and founding partner of The Nemertes Research Group, told TechNewsWorld.

At least 171 significant data breaches have happened so far this year. Of that number, 20 involve financial services companies, according to the Identity Theft Resource Center (ITRC), which tracks data breaches. For a clue as to why network forensics tools are becoming a growing need, consider that 20 incidents actually occurred last year but are just now being brought to light, according to the ITRC.

The most common uses for network forensics are post-incident analysis and on-demand investigations, according to a Gartner report titled “Network Forensics Market” written by Gartner Vice President John Pescatore. These uses could thrust this type of technology into the spotlight given the changing threat landscape.

“Network forensics provides VCR-like tools and activity analysis. The technology is some 10 years old. There is not a lot of demand for it yet. Now interest is growing due to the involvement of federal agencies as a way to preserve evidence,” Pescatore told TechNewsWorld.

Three uses for network forensics could help network admins carry a bigger stick in chasing hackers from networks. The technology is used to replay network events and to watch a specific PC’s use of the network. These are reactive strategies, explained Pescatore. A third and more proactive use is looking forward to potential activity.

“Still this is a relatively small industry compared to other technologies. This is not a mass market. It also requires a lot of expertise,” Pescatore said.

Threats have changed in the last few years. The altered threat level is putting more focus and demand on this type of security technology, he added.

Strategies to catch hackers in the act of breaching networks dictate that access controls and network monitoring are in place, noted Nemertes’ Antonopoulos. But there is too little industry effort on monitoring. Why? Because it’s really expensive, he suggested.

For example, security experts can secure a shopping mall with locks on doors and bars on windows. This approach is cheaper than hiring guards and installing cameras — and then paying another couple of people to watch the cameras.

The same analogy explains the cost factor that has hindered the use of software and hardware solutions that provide the “mall cop” methodology needed to bring network forensics into prominence.

The manpower drain and the cumbersome process of reviewing recorded network traffic may very well be the deal breakers in using network surveillance technology to catch more bad guys bent on breaching corporate networks.

Both tasks can be done, of course, but only for a sometimes hefty price. Networks handle an enormous amount of traffic, all of which would have to be monitored by on-the-job personnel. Another cost relates to long-term storage, said Antonopoulos.

“You have to make compromises in deciding when to turn off the capturing and how far back to keep the records,” he said.

The industry standard for network security relies on the age-old method of trusting signatures and other observable triggers to detect aberrant network behavior. Network forensics provides one of several alternative security strategies.

One security method similar to the forensics approach is a strategy known as “SIEM,” or Security Information and Event Management. These products capture, archive and correlate events from logs on computer and network devices. However, they do not provide full network packet capture, according to Gartner.

Similarly, Intrusion Prevention Systems (IPSs) and next-generation firewall appliances can see well into network traffic and do deep packet inspection. But they cannot store the captured traffic long-term and use analytics for network forensics tasks, noted Pescatore.

From this list of vendors — though not an endorsement from Gartner or The Nemertes Research Group — Solera Networks recently added what could prove to be a significant contribution to the network forensics category.

“Solera’s approach is new, but the network forensic technology is 15 years old. The company’s approach is to create vast indices to simultaneously categorize the traffic by markers. Before this approach, it took too much effort to review all the stored data,” Antonopoulos said.

Network forensics technology is much like placing a security camera on the network, and the network is a very dark place. What else Solera Networks does to brighten this process could make users more successful in rooting out the breachers.

“Other companies try to analyze network activity but are merely collecting metadata. Our technology actually records events. It’s like a TiVo for the network. You can go back in time to play full action,” Peter Schlampp, vice president of marketing for Solera Networks, told TechNewsWorld.

This forensics approach is like a casino security video office that sees all that is happening in real time with 100 percent fidelity.

A key factor in finding hackers making breaches is having technology that allows admins to see a playback. Breaches happen incrementally. This technology allows network managers to go back in time to see what happened so they can fix it, said Antonopoulos.
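As an added illustration of the indexed-capture idea described above (example code written for this page, not Solera’s product or any code from the article), the sketch below records constructed flow records, keeps an inverted index from markers such as IP address and port to record ids, and uses that index to rewind one host’s activity over a time window and to follow a hypothetical intrusion’s path host by host. The capture rows, addresses and class names are all made up.

```python
from collections import defaultdict
# Constructed sample capture (hypothetical, not data from the article):
# (timestamp in seconds, source IP, destination IP, destination port, bytes)
SAMPLE_CAPTURE = [
    (100, "203.0.113.9", "10.0.0.5", 22, 4000),       # outside host reaches a server
    (130, "10.0.0.5", "10.0.0.20", 445, 90000),       # that server talks to a file server
    (160, "10.0.0.20", "10.0.0.7", 3389, 12000),      # file server reaches a workstation
    (170, "10.0.0.50", "10.0.0.7", 80, 500),          # unrelated internal browsing
    (200, "10.0.0.7", "198.51.100.4", 443, 5000000),  # workstation sends a lot outbound
]

class FlowRecorder:
    """Keeps every record (the 'TiVo' tape) plus an inverted index marker -> record ids."""

    def __init__(self):
        self.records = []                # full records, in arrival (time) order
        self.index = defaultdict(list)   # ("ip", addr) or ("port", n) -> [record id, ...]

    def record(self, ts, src, dst, port, nbytes):
        rid = len(self.records)
        self.records.append((ts, src, dst, port, nbytes))
        for marker in (("ip", src), ("ip", dst), ("port", port)):
            self.index[marker].append(rid)   # ids stay time-ordered per marker

    def rewind(self, marker, start, end=float("inf")):
        """Replay records carrying `marker` with start <= ts < end, touching only indexed ids."""
        return [self.records[r] for r in self.index[marker] if start <= self.records[r][0] < end]

    def trace(self, host, start):
        """Follow outbound connections forward in time from `host`; returns (ts, src, dst, port) hops."""
        visited, hops, frontier = {host}, [], [(host, start)]
        while frontier:
            cur, since = frontier.pop(0)
            for ts, src, dst, port, _ in self.rewind(("ip", cur), since):
                if src == cur and dst not in visited:
                    visited.add(dst)
                    hops.append((ts, cur, dst, port))
                    frontier.append((dst, ts))
        return hops

def build_recorder(capture=SAMPLE_CAPTURE):
    rec = FlowRecorder()
    for row in capture:
        rec.record(*row)
    return rec

if __name__ == "__main__":
    rec = build_recorder()
    print(rec.trace("203.0.113.9", 0))   # path from the outside host to the large outbound transfer
```

The trace skips the unrelated browsing record at second 170 because its source was never reached from the starting host, which is the "where they went and what they left behind" question the index answers without scanning the whole tape.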

Seeing a breach is only one aspect of the process. You still don’t know the extent of the damage. That is what has been wrong with the use of network forensics until now.

“The industry doesn’t effectively roll back its investigation when breaches occur. It’s not even accurate to describe the industry’s involvement as hit or miss. It’s mostly miss,” said Antonopoulos.

Caught in the Act: The Mall Cop Approach to Network Security, 1,057 words, posted on www.technewsworld.com at 2010-04-19 00:18:54.
